Analysis
max time kernel: 29s
max time network: 36s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 24-08-2024 10:20
Static task: static1
Behavioral task: behavioral1
Sample: c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk
Resource: android-x64-arm64-20240624-en
General
Target: c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk
Size: 312KB
MD5: 1285e688bb834e348023425ab4bbbfa5
SHA1: 605526f8ee8bb7150dbd2a4b90ab9ab5edabd7da
SHA256: c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547
SHA512: 6cf4ab3fa4222487731d7cc353b96db63129e9138092167abdb577f6cace82f4f7ffb0a992e9d76c30ae5b2a24f4c87a9bdcd767f30c52ee885ea1f5b2d5d258
SSDEEP: 6144:jam054ohSedp4p1znyG5RUMWjgZCoXJvasgcgN:jjWhCnnFHUs3pashgN
Malware Config
Signatures
pid | Process
4938 | wcqrucdpzh.otstodvvsm.vrbnjqrsrr

Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | wcqrucdpzh.otstodvvsm.vrbnjqrsrr
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | wcqrucdpzh.otstodvvsm.vrbnjqrsrr

Acquires the wake lock (1 IoCs)
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | wcqrucdpzh.otstodvvsm.vrbnjqrsrr

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | wcqrucdpzh.otstodvvsm.vrbnjqrsrr

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | wcqrucdpzh.otstodvvsm.vrbnjqrsrr
Processes
wcqrucdpzh.otstodvvsm.vrbnjqrsrr
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4938
Network
MITRE ATT&CK Mobile v15
Downloads